Commit | Line | Data |
---|---|---|
b4d0d230 | 1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
e68503bd DH |
2 | /* Signature verification |
3 | * | |
4 | * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. | |
5 | * Written by David Howells (dhowells@redhat.com) | |
e68503bd DH |
6 | */ |
7 | ||
8 | #ifndef _LINUX_VERIFICATION_H | |
9 | #define _LINUX_VERIFICATION_H | |
10 | ||
f14602ca MS |
11 | #include <linux/types.h> |
12 | ||
817aef26 YS |
13 | /* |
14 | * Indicate that both builtin trusted keys and secondary trusted keys | |
15 | * should be used. | |
16 | */ | |
17 | #define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL) | |
/*
 * NOTE(review): both VERIFY_USE_* values are the integer constants 1 and 2
 * cast to struct key *, so they act as markers to compare against rather
 * than addresses of key objects.  Code that receives a struct key * which
 * may hold one of them has to test for the markers before any dereference.
 * Presumably VERIFY_USE_PLATFORM_KEYRING selects the platform keyring;
 * confirm against the verification implementation.
 */
278311e4 | 18 | #define VERIFY_USE_PLATFORM_KEYRING ((struct key *)2UL) |
817aef26 | 19 | |
f3cf4134 RS |
/*
 * Range-check a system keyring identifier.
 *
 * Accepted values run from 0 up to and including the integer that
 * VERIFY_USE_PLATFORM_KEYRING is cast from; anything larger is refused.
 * This is a bounds check only: it does not resolve @id to a keyring or
 * establish that the corresponding keyring is available.
 *
 * Return: 0 when @id is in range, -EINVAL otherwise.
 */
static inline int system_keyring_id_check(u64 id)
{
	const u64 highest_id = (unsigned long)VERIFY_USE_PLATFORM_KEYRING;

	return (id <= highest_id) ? 0 : -EINVAL;
}
27 | ||
e68503bd DH |
28 | /* |
29 | * The use to which an asymmetric key is being put. | |
30 | */ | |
/*
 * Values of this enum are what the verify_*() declarations in this header
 * take as their "usage" argument.
 */
31 | enum key_being_used_for { | |
32 | VERIFYING_MODULE_SIGNATURE, | |
33 | VERIFYING_FIRMWARE_SIGNATURE, | |
34 | VERIFYING_KEXEC_PE_SIGNATURE, | |
35 | VERIFYING_KEY_SIGNATURE, | |
36 | VERIFYING_KEY_SELF_SIGNATURE, | |
37 | VERIFYING_UNSPECIFIED_SIGNATURE, | |
/* Not a usage: the number of usages above.  Must stay last, since it sizes the array below. */
38 | NR__KEY_BEING_USED_FOR | |
39 | }; | |
/*
 * Array with one string slot per usage value; it is defined outside this
 * header.  Any index into it must be below NR__KEY_BEING_USED_FOR.
 * NOTE(review): presumably holds a printable name for each usage - confirm
 * at the definition.
 */
40 | extern const char *const key_being_used_for[NR__KEY_BEING_USED_FOR]; | |
41 | ||
42 | #ifdef CONFIG_SYSTEM_DATA_VERIFICATION | |
43 | ||
44 | struct key; | |
2a7bf671 | 45 | struct pkcs7_message; |
e68503bd DH |
46 | |
/*
 * Verify a signature supplied as a raw PKCS#7 buffer.
 *
 * @data, @len:             buffer and length of the data being checked
 * @raw_pkcs7, @pkcs7_len:  buffer and length of the unparsed PKCS#7 message
 * @trusted_keys:           struct key * naming what to trust.  It has the
 *                          same type as the VERIFY_USE_*_KEYRING markers
 *                          defined in this header, so presumably accepts
 *                          them - confirm in the implementation.
 * @usage:                  the use the key is being put to
 * @view_content, @ctx:     optional-looking callback and its context; it is
 *                          handed a data pointer, a length and an ASN.1
 *                          header length.  NOTE(review): when it is invoked
 *                          relative to signature validation is not visible
 *                          from this header - verify before consuming
 *                          content inside the callback.
 *
 * Returns an int.  NOTE(review): presumably 0 on success and a negative
 * errno otherwise; callers should treat any non-zero value as a failed
 * verification and not use the data.
 */
47 | extern int verify_pkcs7_signature(const void *data, size_t len, | |
48 | const void *raw_pkcs7, size_t pkcs7_len, | |
49 | struct key *trusted_keys, | |
e68503bd DH |
50 | enum key_being_used_for usage, |
51 | int (*view_content)(void *ctx, | |
52 | const void *data, size_t len, | |
53 | size_t asn1hdrlen), | |
54 | void *ctx); | |
2a7bf671 TJB |
/*
 * Verify a signature supplied as a struct pkcs7_message.
 *
 * Takes the same parameters as verify_pkcs7_signature() except that the
 * PKCS#7 message is passed as a struct pkcs7_message * (@pkcs7) instead of
 * a raw buffer plus length.
 * NOTE(review): presumably @pkcs7 is an already-parsed message and stays
 * owned by the caller - confirm in the implementation.  As with the raw
 * variant, treat any non-zero return as a failed verification.
 */
55 | extern int verify_pkcs7_message_sig(const void *data, size_t len, |
56 | struct pkcs7_message *pkcs7, | |
57 | struct key *trusted_keys, | |
58 | enum key_being_used_for usage, | |
59 | int (*view_content)(void *ctx, | |
60 | const void *data, | |
61 | size_t len, | |
62 | size_t asn1hdrlen), | |
63 | void *ctx); | |
e68503bd DH |
64 | |
65 | #ifdef CONFIG_SIGNED_PE_FILE_VERIFICATION | |
/*
 * Verify the signature on a PE file image held in memory.
 *
 * @pebuf, @pelen:  buffer and length of the PE image.  The length is a
 *                  plain "unsigned", unlike the size_t lengths used by the
 *                  PKCS#7 declarations in this header, so a caller holding
 *                  a size_t should range-check it before passing it here
 *                  to avoid silent truncation.
 * @trusted_keys:   struct key * naming what to trust (same type as the
 *                  VERIFY_USE_*_KEYRING markers; presumably accepts them -
 *                  confirm in the implementation)
 * @usage:          the use the key is being put to
 *
 * Only declared when CONFIG_SIGNED_PE_FILE_VERIFICATION is set.
 */
66 | extern int verify_pefile_signature(const void *pebuf, unsigned pelen, | |
67 | struct key *trusted_keys, | |
68 | enum key_being_used_for usage); | |
69 | #endif | |
70 | ||
71 | #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */ | |
72 | #endif /* _LINUX_VERIFICATION_H */ |